Baseball Code

Info on the coded signals used by the Colorado Rockies.

Posted on April 24, 2018 at 2:09 PM • 12 Comments


wumpusApril 24, 2018 2:45 PM

Looks like they've developed a one time pad. Open question as to whether or not it is worth checking for reuse in extra innings (it might not take that long if you have a recording and you are in the 8th in a close game). Maybe they would just grab the next day's cards and make new ones before the game.

John MacdonaldApril 24, 2018 4:09 PM

@wumpus - They have a number of cards ready, in the article they mentioned switching to a new card immediately after the TV camera zoomed in on the card being used.

HmmApril 24, 2018 5:03 PM

"Pitching clocks might be on the horizon. The need for signals is even greater."

One man's NEED is another man's overpaid(!) bear-baiting bread circus marketing itself as a tech concern!

I love baseball and sneaky stuff both, but if we agree to keep aluminum bats out because we want to preserve some aspects of the original concept (ie we keep steroids out (*) and purport to facially enforce rules that make sense) why allow the digital PDA enhancement genie out of the bottle? Is nothing sacred?

A: ADVERTISING : "Tell me more about what you find sacred."

Ollie JonesApril 25, 2018 6:34 AM

Yet another bastion of security-through-obscurity falls to transparent process and hard-to-guess secrets.

VinnyGApril 25, 2018 8:07 AM

@Hmm re baseball changes - Sadly, it is all about marketing, and marketing drones always seem to take a very myopic view. Baseball moguls might do well to recognize that they seem to currently have a window of opportunity that may not last long. Their main team sport competitors in the US are NFL football and NHL hockey. Both sports have been severely impacted by concussion syndrome (i.e., CTE) concerns. To date, those concerns have been addressed by rules changes lessening the severity of body contact. Unfortumately for those sports, violent "hitting" has traditionally been a very large part of the appeal. Those concerns and rule changes can be reasonably expected to increase in the future, along with the likely result of negative impacts on popularity with the traditional audience. IMO this opens up the market for a "traditional American sport," and if MLB wants to take advantage, it should be very cautious about instituting rules that make the game less recognizable as such. The window of opportunity is probably time-limited by the increasing popularity of soccer ("football" elsewhere) in the US. While soccer lacks the "traditional" attribute in the US, it is exactly that in the cultures of many immigrants, and, like baseball, it has the advantage of a limited exposure to the CTE issue.

David E.April 25, 2018 9:02 AM

"“If I get ‘1-4-3,’ and it’s a throw over to first base, we’ll never use ‘1-4-3’ again to throw over,” Iannetta said. “There will never be repetition… It’s pretty impossible to steal signs if you use the system we are using.”"

If it's true that they never use repetition, they've made they're opponents' job easier.

David E.April 25, 2018 12:46 PM

@failrate The problem is if they never re-use a number for "throw over", over the course of a season that gradually shrinks the list of possible 3-digit numbers available for "throw over". And similarly for the other plays. Combining that with the fact that there can be no re-use of numbers for each card, you might be able to hone in on likely codes. Maybe. The real point is that they gain nothing (and possibly lose something) from eliminating re-use of randomly generated codes.

JasonRApril 25, 2018 1:48 PM

@David E: I think you misunderstood or read too much into what was said about "we’ll never use ‘1-4-3’ again to throw over". Or rather, the catcher said it a little too matter-of-fact and doesn't know all of how the system was designed.

Basically, for each game they have generated a new deck of OTP cards. For any given game, OTP's card will ever have a 3-digit number string re-used for the same call. That doesn't mean that the next day, or month, or whatever, that when using true randomness, they might not have the same 3-digit number be used for the same call. In fact, with true randomness, over time, there would be inadvertent re-use, the same with any truly random OTP generation.

The principle is unbreakable, provided no one can get a capture of the OTP cards or access to the system generating them, and it uses a true random number generator.

What would be interesting is to see how often are they changing the OTP cards throughout the game and what are the signs to indicate this? It looks like for many calls that are used often, there are many 3-digit numbers associated. So for "P" (pitch?) there are 14 3-digit numbers associated on this one card.

JasonRApril 25, 2018 2:03 PM

Side note: If I was them, I would load a fresh card at each inning change. Easy time to do a reset.

eraApril 25, 2018 9:43 PM


So it achieves pretty good play-calling security given the constraints of the game, but it is not a true OTP in the mathematical sense of every signal being equally probable.

An unpredictable source of random numbers generated for each game or inning will go a long way, but there are limitations involving re-use of the keymat for extra innings or even too many signals given per inning.

The major pitfall with the "OTP" wristband technique is that keymat can't be kept secret once it is in play. I don't expect players to memorize long stretches of random numbers everyday in addition to their regular training schedule and game-day stressors, so good enough -- but unbreakable, it is not.

Baseball FanApril 28, 2018 1:32 AM

They've been using hand signals as codes on the field for ages. Sometimes they do communicate actual information to teammates, but sometimes the signals are only to intimidate and confuse opponents. ("Chaffing and winnowing.")

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.